[2/3,nVMX] : Check "load IA32_PAT" VM-entry control on vmentry of L2 guests
diff mbox series

Message ID 20190319014624.31399-3-krish.sadhukhan@oracle.com
State New
Headers show
Series
  • [1/3,nVMX] : Check "load IA32_PAT" VM-exit control on vmentry of L2 guests
Related show

Commit Message

Krish Sadhukhan March 19, 2019, 1:46 a.m. UTC
According to section "CHECKING AND LOADING GUEST STATE" in Intel SDM vol
3C, the following check is performed on vmentry of L2 guests:

    If the "load IA32_PAT" VM-entry control is 1, the value of the field
    for the IA32_PAT MSR must be one that could be written by WRMSR
    without fault at CPL 0. Specifically, each of the 8 bytes in the
    field must have one of the values 0 (UC), 1 (WC), 4 (WT), 5 (WP),
    6 (WB), or 7 (UC-).

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
---
 arch/x86/kvm/vmx/nested.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

Comments

Sean Christopherson March 19, 2019, 2:58 p.m. UTC | #1
On Mon, Mar 18, 2019 at 09:46:23PM -0400, Krish Sadhukhan wrote:
> According to section "CHECKING AND LOADING GUEST STATE" in Intel SDM vol
> 3C, the following check is performed on vmentry of L2 guests:

Same comment about "of L2 guests".

> 
>     If the "load IA32_PAT" VM-entry control is 1, the value of the field
>     for the IA32_PAT MSR must be one that could be written by WRMSR
>     without fault at CPL 0. Specifically, each of the 8 bytes in the
>     field must have one of the values 0 (UC), 1 (WC), 4 (WT), 5 (WP),
>     6 (WB), or 7 (UC-).
> 
> Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
> Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
> ---
>  arch/x86/kvm/vmx/nested.c | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
> 
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index a1b44d930d26..6185ba4e6e55 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -2637,6 +2637,20 @@ static int nested_check_host_control_regs(struct kvm_vcpu *vcpu,
>  	return 0;
>  }
>  
> +/*
> + * Checks related to Control Registers, Debug Registers and MSRs in
> + * Guest State Area.
> + */
> +static int nested_check_guest_ctrl_dbg_regs_msrs(struct vmcs12 *vmcs12)
> +{
> +	if (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PAT) {
> +		if (nested_check_pat_fields(vmcs12->guest_ia32_pat))

Again, single if statement using &&.

> +			return -EINVAL;
> +	}
> +
> +	return 0;
> +}
> +
>  /*
>   * Checks related to Guest Non-register State
>   */
> @@ -2660,6 +2674,9 @@ static int nested_vmx_check_vmentry_prereqs(struct kvm_vcpu *vcpu,
>  	if (nested_check_host_control_regs(vcpu, vmcs12))
>  		return VMXERR_ENTRY_INVALID_HOST_STATE_FIELD;
>  
> +	if (nested_check_guest_ctrl_dbg_regs_msrs(vmcs12))
> +		return VMXERR_ENTRY_INVALID_CONTROL_FIELD;

This belongs in nested_vmx_check_vmentry_postreqs(), i.e. failed checks
when loading guest state result in VM-Exit.  And there are already control
register checks (cr0 and cr4) in nested_vmx_check_vmentry_postreqs().  It
probably makes sense to first add the PAT check as a direct call along
side the cr0 and cr4 checks, and then tack on a patch to add
nested_check_guest_ctrl_dbg_regs_msrs().

> +
>  	if (nested_check_guest_non_reg_state(vmcs12))
>  		return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
>  
> -- 
> 2.17.2
>

Patch
diff mbox series

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index a1b44d930d26..6185ba4e6e55 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -2637,6 +2637,20 @@  static int nested_check_host_control_regs(struct kvm_vcpu *vcpu,
 	return 0;
 }
 
+/*
+ * Checks related to Control Registers, Debug Registers and MSRs in
+ * Guest State Area.
+ */
+static int nested_check_guest_ctrl_dbg_regs_msrs(struct vmcs12 *vmcs12)
+{
+	if (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PAT) {
+		if (nested_check_pat_fields(vmcs12->guest_ia32_pat))
+			return -EINVAL;
+	}
+
+	return 0;
+}
+
 /*
  * Checks related to Guest Non-register State
  */
@@ -2660,6 +2674,9 @@  static int nested_vmx_check_vmentry_prereqs(struct kvm_vcpu *vcpu,
 	if (nested_check_host_control_regs(vcpu, vmcs12))
 		return VMXERR_ENTRY_INVALID_HOST_STATE_FIELD;
 
+	if (nested_check_guest_ctrl_dbg_regs_msrs(vmcs12))
+		return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
+
 	if (nested_check_guest_non_reg_state(vmcs12))
 		return VMXERR_ENTRY_INVALID_CONTROL_FIELD;